Mysteryshack Save

A remoteStorage-server

Project README

not maintained

Please see https://github.com/untitaker/mysteryshack/issues/74

mysteryshack

Mysteryshack is a lightweight, yet self-contained remoteStorage-server.

This project is still in active development. Do not use with sensitive data, or without backup.

Use username demo and password demo on my server to try it out. Don't use that account for actual data though: It is reset daily.

Installation

You need OpenSSL installed.

Install Rust and Cargo.
Clone this repository.
Run make.
Stick ./target/release/mysteryshack into your PATH.

Usage

Edit config.example and save it as config.
mysteryshack user create foo to create a new user called foo.
mysteryshack serve to run the server as configured in ./config.

For advanced usage, see mysteryshack --help and mysteryshack user --help.

Updating

Just git pull and make again.

Troubleshooting

OS X and OpenSSL

As of OS X 10.11, OpenSSL isn't installed anymore. You'll need to install it manually:

brew install openssl
brew link --force openssl

Implementation notes

Mysteryshack mostly implements draft-dejong-remotestorage-05.txt, however:
- it sends two kinds of webfinger responses to stay compatible with remotestorage.js.
- The app-provided client_id is ignored, Origin of redirect_uri is used for app identification.
Mysteryshack is set up to be tested against the official api test suite automatically (in Travis).
Mysteryshack's approach to concurrency is very simplistic. Only storage operations are safe to perform concurrently. User creation and deletion, app authorization and de-authorization are not, because it is assumed that the user performing those operations is a single human with only two hands and one keyboard.
Web admin sessions are stored inside signed cookies. The key is generated at server startup. To log everybody out, restart the server.
OAuth tokens are JSON signed with a per-user key. The server stores a list of client_ids the user has authorized, and checks if the token's client_id claim is found in that list.
Mysteryshack violates the WebFinger RFC by returning bogus information for nonexistent accounts. This is done to prevent account enumeration.

License

Logo is licensed under CC-BY-SA, based on:
- Rust logo, CC-BY
- remoteStorage logo, CC-BY-SA
Source code is licensed under the MIT, see LICENSE.

Open Source Agenda is not affiliated with "Mysteryshack" Project. README Source: untitaker/mysteryshack

Stars

116

Open Issues

Last Commit

1 year ago

Repository

untitaker/mysteryshack

License

MIT

Homepage

https://shack.unterwaditzer.net/

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/mysteryshack"><img src="https://www.opensourceagenda.com/projects/mysteryshack/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022